curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-16 17:12:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

rtsp: fix RTSP auth

Browse Source 
Verified with test 3100

Fixes #4750
Closes #9870
This commit is contained in:
Daniel Stenberg 2022-11-08 15:34:12 +01:00
parent e46d388c87
commit 2bc04d4980
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 22 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/KNOWN_BUGS
View File

@ -67,7 +67,6 @@ problems may have been fixed or changed somewhat since this was written.
6.5 NTLM does not support password with § character
6.6 libcurl can fail to try alternatives with --proxy-any
6.7 Do not clear digest for single realm
6.8 RTSP authentication breaks without redirect support
6.9 SHA-256 digest not supported in Windows SSPI builds
6.10 curl never completes Negotiate over HTTP
6.11 Negotiate on Windows fails
@ -564,15 +563,6 @@ problems may have been fixed or changed somewhat since this was written.
https://github.com/curl/curl/issues/3267
6.8 RTSP authentication breaks without redirect support
RTSP authentication broke in 7.66.0. A work-around is to enable RTSP in
CURLOPT_REDIR_PROTOCOLS. Authentication should however not be considered an
actual redirect so a "proper" fix needs to be different and not require users
to allow redirects to RTSP to work.
See https://github.com/curl/curl/pull/4750
6.9 SHA-256 digest not supported in Windows SSPI builds
Windows builds of curl that have SSPI enabled use the native Windows API calls

9
lib/http.c
View File

@ -696,6 +696,15 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data)
data->req.newurl = strdup(data->state.url); /* clone URL */
if(!data->req.newurl)
return CURLE_OUT_OF_MEMORY;
#ifndef CURL_DISABLE_RTSP
/*
* Authentication is treated as a redirect in Curl_follow(), so if this is
* done using RTSP we make it allow these "redirects" to RTSP (only). A
* safe assumption as no other redirects should happen from RTSP.
*/
if(conn->handler->protocol & CURLPROTO_RTSP)
data->set.redir_protocols = CURLPROTO_RTSP;
#endif
}
else if((data->req.httpcode < 300) &&
(!data->state.authhost.done) &&

13
lib/rtsp.c
View File

@ -267,6 +267,19 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done)
rtsp->CSeq_sent = data->state.rtsp_next_client_CSeq;
rtsp->CSeq_recv = 0;
/* Setup the first_* fields to allow auth details get sent
to this origin */
/* Free to avoid leaking memory on multiple requests */
free(data->state.first_host);
data->state.first_host = strdup(conn->host.name);
if(!data->state.first_host)
return CURLE_OUT_OF_MEMORY;
data->state.first_remote_port = conn->remote_port;
data->state.first_remote_protocol = conn->handler->protocol;
/* Setup the 'p_request' pointer to the proper p_request string
* Since all RTSP requests are included here, there is no need to
* support custom requests like HTTP.